Hmmm. I agree that these two points are desirable to implement, but it is also too complex to do. One of the side effects will be that people complain that authentication doesn't work (because the wrong file is active) and people comlain that SuSE doesn't keep to the standards.
Not neccesarilly, make it optional.
We can't afford these two points in the long run. Also, modifying the daemons/packages takes time and manpower...
Can't it be done through PAM? I mean this is EXACTLY what PAM is meant for. #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file= /etc/ftpusers onerr=succeed auth required /lib/security/pam_pwdb.so shadow nullok auth required /lib/security/pam_shells.so account required /lib/security/pam_pwdb.so session required /lib/security/pam_pwdb.so Maybe make a "stub" pam_pwdb called "pam_pwdb_ftp" that looks for /etc/passwd-ftp and /etc/shadow-ftp, or a pam_pwdb that takes an argument for the filename (like pam_listfile). Voila. No mods to daemons needed, power users happy, normal users blissfully unaware (unless they look into pam config files and actually make changes).
It's nice project, though. Would you want to hack and maintain a set of patches that resolve these problems in a few packages?
PAM! use the PAM!. =) -Kurt